Jacob Davis-Hansson on technology

On professionalism in software

We like to blame the worlds governments, or the ominous Them, for the current mass surveillance society we live in. It's an easy way out - but pull the curtain aside and you and I both know there is a programmer sitting behind it.

We, the profession of software engineering, built the Orwellian future we now inhabit, and it is high time for a retrospective.

The world is filled with professions which have responsibilities beyond the immediate need to make a living. Doctors, plumbers, journalists and pilots are all in some way in a position of power. The general public has the right to expect these professionals to act with integrity and with the best interest of the public in mind.

Software engineering is part of this group of professions. In our daily work we know things large and small that others around us do not. Our clients, users and the public at large have the right to expect and demand that we use this knowledge in an ethical way.

If you have formal computer science education, you may have gotten to read the Software Engineering Code of Ethics in school. I encourage you to read it again, or for the first time, and to ask yourself as you are reading it - have we as a profession lived up to this standard?

Our track record so far

I want to highlight that we as an industry have achieved some fantastic things. We've been part in revolutionizing communication around the globe. We've developed an industry with a strong ethos of openness and honesty. We have a large part of our industry overlapping with the FOSS community, for which we should be very proud.

But this post isn't about what we've done well, it's about where we should and will do better. In the past half century or so our industry has been naive, trusting that other industries like telecommunications will behave ethically, and it has been directly responsible for the development of morally reprehensible technology.

Our industry designed the internet in a way that fundamentally trusted the physical network maintainers to act ethically. We know now that this trust was misplaced, and it is our responsibility towards our users to augment or redesign the TCP/IP stack with this knowledge in mind.

Today, we are building "App Stores" and "Platforms", touting them as beneficial for our users. In reality we know we're constructing artificial monopolies to shore up for the ongoing commoditization of the production of software itself. Those of us, like me, who find ourselves cursing at the foul play taking place in the pharmaceutical industry are hypocrites, because our industry is doing the world the very same disservice.


We, as an industry, need to stop seeing users solely as a resource from which to extract value. Our relationship to our users is that of a doctor and a patient or the architect of a bridge and the people walking across it, not that of a mining company and a national park.

We should recognize that ethical behavior is hard, especially when it is at odds with our responsibilities towards our clients or employers, and prepare accordingly.

We should talk to each other about these things. Knowing that we are not alone builds confidence and collective strength. Talk to your co-workers, in your meetup groups. Organize an ethics discussion around difficult scenarios at the next unconference you attend.

We should work with our peers and friends already designing the next generation of protocols and infrastructure to protect our users. Contribute code to decentralization projects like Tor, CJDNS or one of the hundreds of projects worked on by the BitTorrent community.

Above all, stop seeing yourself as a lone individual developer. The work we do by definition impacts other people, and we should take pride in the responsibility that entails.

This post has been edited. It previously cited the design of HTTPS, trusting third parties to act as certificate authorities, as an example of naivety. While I still believe that to be the case, there is no proof that this aspect of HTTPS is being exploited on a bulk scale to decrypt user data. Rather, we don't know how the NSA and GCHQ are breaking HTTPS, although there are suspicisions that the problem is with RC4.